Comment 3 for bug 1992595

Sergio Durigan Junior (sergiodj) wrote:

Paride is correct here, but allow me to expand a little bit.

OpenVPN 2.6 doesn't include AES-256-CBC in its default set of supported data ciphers. This was a decision from upstream, and I believe it was based on the fact that BF-CBC is affected by the SWEET32 attack (https://sweet32.info/).

On top of that, upstream also pretty much deprecated the "cipher" option:

https://github.com/OpenVPN/openvpn/blob/master/doc/man-sections/cipher-negotiation.rst

So, if you still want to use AES-256-CBC, you have to include the following line in your client config file:

data-ciphers AES-256-CBC:AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305

I also agree with Paride that it would be better to use a data cipher that is supported by default, BTW.

I also agree that this is not a bug in Ubuntu, but I will make sure to expand Kinetic's release notes to mention the cipher changes. I'm marking this as Won't Fix, but please feel free to reopen it if you still think this is a bug in the distribution. Thanks.
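Added example, not code from the bug comment or from the OpenVPN project: a small Python checker that parses a client config and reports whether the cipher named by the legacy "cipher" option is actually covered by data-ciphers, and whether a 64-bit block cipher is being offered. The default data-ciphers list it assumes when the option is absent, and the set of 64-bit block ciphers, are assumptions, not values taken from the comment.

```python
#!/usr/bin/env python3
"""Flag OpenVPN client configs whose 'cipher' is not covered by data-ciphers."""

# Assumption: the data-ciphers list OpenVPN 2.6 uses when the option is absent.
DEFAULT_DATA_CIPHERS = ["AES-256-GCM", "AES-128-GCM", "CHACHA20-POLY1305"]
# Assumption: 64-bit block ciphers, the class SWEET32 applies to (BF-CBC is the one named above).
SMALL_BLOCK_CIPHERS = {"BF-CBC", "DES-CBC", "DES-EDE3-CBC", "CAST5-CBC"}


def parse_options(text):
    """Map each option name to its (last) value; lines starting with '#' or ';' are comments."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        parts = line.split(None, 1)
        opts[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return opts


def check_ciphers(text):
    """Return a list of findings; an empty list means the config negotiates as intended."""
    opts = parse_options(text)
    findings = []
    if "data-ciphers" in opts:
        allowed = [c.upper() for c in opts["data-ciphers"].split(":") if c]
    else:
        allowed = list(DEFAULT_DATA_CIPHERS)
    legacy = opts.get("cipher", "").upper()
    if legacy and legacy not in allowed:
        findings.append(f"cipher {legacy} is not in data-ciphers ({':'.join(allowed)}); "
                        "2.6 will not offer it")
    for c in allowed:
        if c in SMALL_BLOCK_CIPHERS:
            findings.append(f"{c} has a 64-bit block and is exposed to SWEET32")
    return findings


# Constructed sample configs, not taken from any real deployment.
OLD_STYLE = "client\ndev tun\n# legacy cipher, no data-ciphers line\ncipher AES-256-CBC\n"
FIXED = OLD_STYLE + "data-ciphers AES-256-CBC:AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305\n"
WEAK = "client\ncipher BF-CBC\ndata-ciphers BF-CBC:AES-256-GCM\n"

if __name__ == "__main__":
    for name, cfg in [("old", OLD_STYLE), ("fixed", FIXED), ("weak", WEAK)]:
        print(name, check_ciphers(cfg) or ["ok"])
```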